def test_sign_csr(self):
ca_key = ssl_certificate_factory.fetch_key(url_helper.url_join(
"file:",
self.ssl_folder_path,
"template",
"ca_key.pem"
))
ca_cert = ssl_certificate_factory.fetch_cert(url_helper.url_join(
"file:",
self.ssl_folder_path,
"template",
"ca_cert.pem"
))
key = ssl_certificate_factory.fetch_key(url_helper.url_join(
"file:",
self.ssl_folder_path,
"template",
"template_key.pem"
))
csr = ssl_certificate_factory.create_csr(key, self.template_cert)
cert = ssl_certificate_factory.sign_csr(
csr, ca_cert, ca_key, constants.DEFAULT_EXPIRATION_DATE, []
)
self.assertEqual(self.template_cert.issuer, cert.issuer)
self.assertEqual(self.template_cert.subject, cert.subject)
self.assertEqual(
self.template_cert.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo),
cert.public_key().public_bytes(Encoding.PEM, PublicFormat.SubjectPublicKeyInfo)
)
def _get_url(self, file_info: SSLFileInfo) -> Optional[str]:
url = file_info.url
file_path = self._get_file_path(file_info)
if url is None and self._store_local and os.path.exists(file_path):
return url_helper.url_join("file:", file_path)
else:
return url
def setUp(self) -> None:
self.set_ssl_folder()
self.ssl_folder_path = os.path.join(self.ssl_folder_path, "template")
self.ssl_folder_url = url_helper.url_join("file:",
self.ssl_folder_path)
cert_name = "template_cert.pem"
key_name = "template_key.pem"
self.storage_info = SSLStorageInfo(
self.ssl_folder_path,
SSLCertificateInfo(
SSLFileInfo(
"", cert_name,
url_helper.url_join(self.ssl_folder_url, cert_name)),
SSLFileInfo("", key_name,
url_helper.url_join(self.ssl_folder_url,
key_name))),
SSLCertificateInfo(SSLFileInfo("", cert_name),
SSLFileInfo("", key_name)),
SSLCertificateInfo(
SSLFileInfo(
"", cert_name,
url_helper.url_join(self.ssl_folder_url, cert_name)),
SSLFileInfo("", key_name,
url_helper.url_join(self.ssl_folder_url,
key_name))))
self.node_service = NodeSSLService(NodeType.API,
self.storage_info,
store_local=False)
self.node_service.blocking_load()
self.ref_cert = ssl_certificate_factory.fetch_cert(
url_helper.url_join(self.ssl_folder_url, cert_name))
self.ref_key = ssl_certificate_factory.fetch_key(
url_helper.url_join(self.ssl_folder_url, key_name))
def create_storage_info(
*,
node_type: NodeType,
is_ca: bool = False,
ca_cert_url: Optional[str] = None,
private_ssl_base_url: Optional[str] = None,
data_dir: str,
ca_dir_name: str = CA_DIR_NAME,
registration_dir_name: str = REGISTRATION_DIR_NAME,
private_dir_name: str = PRIVATE_DIR_NAME) -> SSLStorageInfo:
node_name = node_type.name.lower()
node_ssl_directory = os.path.join(data_dir, constants.SSL_FOLDER,
node_name)
if ca_cert_url is None or private_ssl_base_url is None:
ca_cert_url = url_helper.url_join("file:", node_ssl_directory,
SSLCertificateType.CA.name.lower())
private_ssl_base_url = url_helper.url_join("file:", node_ssl_directory)
node_base_url = private_ssl_base_url
else:
node_base_url = url_helper.url_join(private_ssl_base_url, node_name)
ca_cert_name = constants.SSL_CERT_FILE_FORMAT.format(ca_dir_name)
if is_ca:
ca_key_name = constants.SSL_KEY_FILE_FORMAT.format(ca_dir_name)
ca_key_base_url = url_helper.url_join(private_ssl_base_url,
ca_dir_name)
ca_key_info = SSLFileInfo(
ca_dir_name, ca_key_name,
url_helper.url_join(ca_key_base_url, ca_key_name))
else:
ca_key_info = None
cert_file_name = get_cert_file_name(node_type)
key_file_name = get_key_file_name(node_type)
return SSLStorageInfo(
node_ssl_directory,
SSLCertificateInfo(
SSLFileInfo(ca_dir_name, ca_cert_name,
url_helper.url_join(ca_cert_url, ca_cert_name)),
ca_key_info),
SSLCertificateInfo(SSLFileInfo(private_dir_name, cert_file_name),
SSLFileInfo(private_dir_name, key_file_name)),
SSLCertificateInfo(
SSLFileInfo(
registration_dir_name, cert_file_name,
url_helper.url_join(node_base_url, registration_dir_name,
cert_file_name)),
SSLFileInfo(
registration_dir_name, key_file_name,
url_helper.url_join(node_base_url, registration_dir_name,
key_file_name))))
def test_fetch_key(self):
key_name = "temp_key_file"
key_file = NamedTemporaryFile()
key = ssl_certificate_factory.generate_key()
self.file_path = os.path.join(self.ssl_folder_path, ssl_certificate_factory.KEY_FILE_FORMAT.format(key_name))
ssl_certificate_factory.store_key(key, self.ssl_folder_path, key_name, self._stream_factory)
key_file.write(self.stream_mock.data)
key_file.seek(0)
ref_key = ssl_certificate_factory.fetch_key(url_helper.url_join("file:", key_file.name))
self.assertEqual(
key.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption()),
ref_key.private_bytes(Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption())
)
def create_ssl_service(
self,
node_type: NodeType,
ca_folder: str = "ca",
node_folder: Optional[str] = None) -> NodeSSLService:
if node_folder is None:
node_folder = node_type.name.lower()
self.set_ssl_folder()
cert_file_name = ssl_data_factory.get_cert_file_name(node_type)
key_file_name = ssl_data_factory.get_key_file_name(node_type)
ca_base_url = url_helper.url_join(self.ssl_folder_url, ca_folder)
registration_base_url = url_helper.url_join(self.ssl_folder_url,
node_folder,
"registration_only")
node_ssl_service = NodeSSLService(
node_type,
SSLStorageInfo(
self.ssl_folder_path,
SSLCertificateInfo(
SSLFileInfo(
ca_folder,
"ca_cert.pem",
url_helper.url_join(ca_base_url, "ca_cert.pem"),
),
SSLFileInfo(
ca_folder,
"ca_key.pem",
url_helper.url_join(ca_base_url, "ca_key.pem"),
)),
SSLCertificateInfo(
SSLFileInfo(f"{node_folder}/private", cert_file_name),
SSLFileInfo(f"{node_folder}/private", key_file_name)),
SSLCertificateInfo(
SSLFileInfo(
f"{node_folder}/registration_only",
cert_file_name,
url_helper.url_join(registration_base_url,
cert_file_name),
),
SSLFileInfo(
f"{node_folder}/registration_only",
key_file_name,
url_helper.url_join(registration_base_url,
key_file_name),
))))
node_ssl_service.blocking_load()
return node_ssl_service
def setUp(self) -> None:
self.set_ssl_folder()
self.ssl_folder_path = os.path.join(self.ssl_folder_path, "template")
self.ssl_folder_url = url_helper.url_join("file:",
self.ssl_folder_path)
self.cert_file_path = os.path.join(self.ssl_folder_path,
"template_cert.pem")
self.csr_file_path = os.path.join(self.ssl_folder_path,
"template_csr.pem")
self.key_file_path = os.path.join(self.ssl_folder_path,
"template_key.pem")
with open(self.cert_file_path, "rb") as template_cert_file:
self.template_cert: x509.Certificate = x509.load_pem_x509_certificate(
template_cert_file.read(), backends.default_backend())
with open(self.csr_file_path, "rb") as template_csr_file:
self.template_csr: x509.CertificateSigningRequest = x509.load_pem_x509_csr(
template_csr_file.read(), backends.default_backend())
with open(self.key_file_path, "rb") as template_key_file:
self.template_key: EllipticCurvePrivateKeyWithSerialization = serialization.load_pem_private_key(
template_key_file.read(), None, backends.default_backend())
def test_fetch_cert(self):
url = url_helper.url_join("file:", self.cert_file_path)
cert = ssl_certificate_factory.fetch_cert(url)
self.assertEqual(self.template_cert, cert)
def set_ssl_folder(self) -> None:
self.ssl_folder_path = get_ssl_test_files(os.path.abspath(__file__),
RELATIVE_PATH_SSL_FILES)
self.ssl_folder_url = url_helper.url_join("file:",
self.ssl_folder_path)